January 23, 2024 at 09:08AM
VexTrio, a traffic distribution system (TDS) operator, manages over 70,000 domains that route visitors from compromised websites to the scams, phishing pages and malware run by other cybercriminals. Infoblox characterizes it as the most widespread threat actor it tracks, with its traffic reaching over half of the organizations Infoblox monitors. VexTrio evades detection with a mix of tactics, which makes it hard for security companies to act against it. Collaboration and proactive measures are recommended to combat this pervasive threat.
Key Takeaways:
– A group called “VexTrio” operates a large traffic distribution system (TDS) with over 70,000 domains, used to connect threat actors who compromise vulnerable websites with those who host malicious content.
– VexTrio’s TDS servers fingerprint each visitor using browser settings and cached data (such as cookies) and redirect only those who match a predefined profile to the corresponding malicious content. This lets the group and its affiliates specialize in different stages of the cybercrime chain and microtarget their attacks.
– The group uses various methods to evade detection, such as a dictionary domain generation algorithm (DDGA), multi-staged chains of TDS redirections, and maintaining compromised websites.
– VexTrio appears like any other legitimate TDS network, making it difficult for security companies or registries to gather evidence against them and take action.
– Collaboration and information sharing among industry stakeholders are recommended to combat malicious TDS operations, and registrars and registries are urged to become more proactive in identifying signs of malicious TDS activity, despite the constraints imposed by rules protecting freedom on the Internet.
These takeaways provide a clear understanding of the threats posed by VexTrio and the challenges in combating their malicious activities.
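To make the two mechanisms above concrete, here is an added example (not code from the article or from Infoblox's report): a minimal model of the per-visitor profile filtering a TDS applies, and a small analyzer that scores a captured redirect chain for the two indicators the takeaways name, multi-stage cross-domain hops and dictionary-word (DDGA-style) domain names. The profile rules, the word list, the `.example` domains and the sample chain are all constructed for illustration and are not VexTrio's actual rules or infrastructure.

```python
"""Model of TDS profile filtering plus a redirect-chain analyzer (constructed example)."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed: a tiny dictionary standing in for the word list a DDGA draws from.
WORDS = {"blue", "water", "fox", "silent", "garden", "path", "north", "river",
         "stone", "lamp", "quiet", "meadow", "cloud", "static"}

# Constructed: user-agent fragments a TDS would treat as scanners rather than victims.
BOT_UA = re.compile(r"curl|wget|python-requests|bot|crawler|headless", re.I)


@dataclass
class Visitor:
    user_agent: str
    accept_language: str
    referer: str          # empty string when the URL was opened directly
    seen_before: bool     # TDS cookie / cached marker present from an earlier visit


def tds_route(v: Visitor) -> str:
    """Assumed profile rules (first match wins); returns the destination class.

    Scanners, repeat visitors and direct hits get a decoy page, which is why a
    URL fetched with curl from an analysis box usually looks harmless.
    """
    if BOT_UA.search(v.user_agent) or v.seen_before or not v.referer:
        return "decoy"
    if "Android" in v.user_agent and v.accept_language.startswith("en"):
        return "profile:mobile-en-scam"
    if "Windows" in v.user_agent:
        return "profile:windows-fake-update"
    return "decoy"


def split_into_words(label: str, words=WORDS, max_word: int = 12):
    """Word-break by dynamic programming: a segmentation of `label` into
    dictionary words, or None if no full segmentation exists."""
    best = [None] * (len(label) + 1)
    best[0] = []
    for end in range(1, len(label) + 1):
        for start in range(max(0, end - max_word), end):
            if best[start] is not None and label[start:end] in words:
                best[end] = best[start] + [label[start:end]]
                break
    return best[len(label)]


def registrable_label(url: str) -> str:
    """Second-level label of the host (assumption: no public-suffix handling)."""
    parts = (urlsplit(url).hostname or "").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def analyze_chain(hops, min_hops: int = 2) -> dict:
    """hops: URLs in navigation order as captured by a browser or proxy.
    Counts cross-domain hops and flags hosts whose name is a run of
    dictionary words; the first URL (the compromised site) is not scored."""
    cross_domain = sum(
        1 for a, b in zip(hops, hops[1:])
        if urlsplit(a).hostname != urlsplit(b).hostname
    )
    ddga_like = []
    for url in hops[1:]:
        seg = split_into_words(registrable_label(url))
        if seg and len(seg) >= 2:
            ddga_like.append((urlsplit(url).hostname, seg))
    return {
        "cross_domain_hops": cross_domain,
        "ddga_like_domains": ddga_like,
        "suspect": cross_domain >= min_hops and bool(ddga_like),
    }


# Constructed sample chain: compromised blog -> two TDS hops -> landing page.
SAMPLE_CHAIN = [
    "https://recipes-blog.example/post/42",
    "https://bluewaterfox.example/?src=42",
    "https://silentgardenpath.example/r",
    "https://quietmeadow.example/win.html",
]

if __name__ == "__main__":
    print(analyze_chain(SAMPLE_CHAIN))
    victim = Visitor("Mozilla/5.0 (Linux; Android 13) Chrome/120 Mobile Safari",
                     "en-US,en;q=0.9", SAMPLE_CHAIN[0], False)
    print(tds_route(victim), tds_route(Visitor("curl/8.4", "en-US", "", False)))
```

The practical point of `tds_route` is the caveat for responders: when reproducing a reported redirect, replay the victim's User-Agent, Accept-Language and Referer and use a fresh session, or the TDS will hand you the decoy. The chain analyzer is a heuristic; dictionary-word names also occur in legitimate brands, so treat a hit as a pivot for further enrichment, not a verdict.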